2025-09-05, Aula (4.101)
This talk is for engineers, architects, and developers building embedded, IoT, or appliance-like Linux systems that need reliability and secure remote updates.
This session provides a quick overview of how to construct a robust, A/B-style OTA update mechanism using only features that are already upstreamed in NixOS and systemd.
We will explore the synergy of this trio:
- NixOS: Used as the declarative foundation for building bit-for-bit reproducible, small, hardened, and immutable system images.
- systemd-repart: To define the A/B partitioned disk layout directly from the NixOS configuration itself.
- systemd-sysupdate: As the on-device engine for securely fetching, deploying, and atomically activating a new system version, with automatic rollbacks on boot failure.
Jacek Galowicz is the CEO of Nixcademy and Applicative Systems GmbH (DE) and Corp. (US), where he has trained over 400 engineers in Nix and NixOS and helped numerous companies accelerate their adoption of Nix. Before that, Jacek co-founded Cyberus Technology GmbH, where he worked on hypervisor technology and advanced test automation. He has an extensive background in the security and operating systems industries, and as a software engineer, Jacek ported the NixOS integration test driver to Python in 2019. He is also the author of the C++17 STL Cookbook.